| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| IIS newdsn.exe CGI script allows remote users to overwrite files. |
| Scripts For Educators MakeBook 2.2 CGI program allows remote attackers to execute script as other visitors, or execute server-side includes (SSI) as the web server, via the (1) Name or (2) Email parameters, which are not properly filtered. |
| finger 0@host on some systems may print information on some user accounts. |
| A quote cwd command on FTP servers can reveal the full path of the home directory of the "ftp" user. |
| The GNU tar command, when used in FTP sessions, may allow an attacker to execute arbitrary commands. |
| Denial of service in Sendmail 8.6.11 and 8.6.12. |
| BlackICE Agent 3.1.eal does not always reactivate after a system standby, which could allow remote attackers and local users to bypass intended firewall restrictions. |
| MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access. |
| Cross-site scripting vulnerability in browse.php for PHP(Reactor) 1.2.7 allows remote attackers to execute script as other users via the go parameter in the comments section. |
| Routed allows attackers to append data to files. |
| Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to cause a denial of service (crash) via a long (1) CWD or (2) LS (list) command. |
| Denial of service of Ascend routers through port 150 (remote administration). |
| Denial of service in Cisco IOS web server allows attackers to reboot the router using a long URL. |
| Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request. NOTE: this entry originally contained a vector (1) in which the server reveals whether it supports Basic or NTLM authentication through 401 Access Denied error messages. CVE has REJECTED this vector; it is not a vulnerability because the information is already available through legitimate use, since authentication cannot proceed without specifying a scheme that is supported by both the client and the server. |
| Denial of service in Windows NT messenger service through a long username. |
| Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed SMB logon request in which the actual data size does not match the specified size. |
| Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service. |
| Denial of service in Windows NT IIS server using ..\.. |
| IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr , or (4) aexp4.htr. |
| Buffer overflow in Cisco 7xx routers through the telnet service. |